Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Citrix Discussions
exam questions

Exam 1Y0-402 All Questions

View all questions & answers for the 1Y0-402 exam
Go to Exam

Exam 1Y0-402 topic 1 question 46 discussion

Actual exam question from Citrix's 1Y0-402
Question #: 46
Topic #: 1
[All 1Y0-402 Questions]

Scenario: A Citrix Architect wants to set up double-hop access for an existing XenApp and XenDesktop Site. All communication across DMZ 1, DMZ 2, and the
Internal Network is encrypted over port 443. The architect has proposed the design shown in the Exhibit, where DMZ 1 has NetScaler Gateway 1 and DMZ 2 has
NetScaler Gateway 2 and StoreFront.
Click the Exhibit button to view the design.

Which two sets of ports should the architect request to enable on Firewall 2?

  • A. Port 443 outbound and Port 1494/2598 inbound
  • B. Port 443 outbound and Port 80 inbound
  • C. Port 443 outbound and Port 443 inbound
  • D. Port 443 outbound and Port 389/636 inbound
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by CitrixNick at April 19, 2020, 1:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
kolan90
2 years, 5 months ago
and firewall1?
upvoted 1 times
...
d0bermannn
2 years, 9 months ago
Selected Answer: C
C. Port 443 outbound and Port 443 inbound 389/636 open on fw3
upvoted 1 times
...
maurizio_n91
3 years, 5 months ago
C for me, it's enought. LDAP based on picture need to be implemented on firewall 3 instead
upvoted 3 times
...
ayushwithu
3 years, 8 months ago
D. https://docs.citrix.com/en-us/legacy-archive/downloads/netscaler-gateway-12-0.pdf page #388
upvoted 1 times
...
thedelph
4 years, 3 months ago
Isn't the answer in the question? "All communication across DMZ 1, DMZ 2, and the Internal Network is encrypted over port 443" So it would be C?
upvoted 2 times
...
Citrix123
4 years, 6 months ago
Opening port 443 is enough when there is no authentication configured on Netscaler Gateway in the first DMZ. If you enabled authentication on NetScaler Gateway in the first DMZ, this appliance might need to connect to an authentication server in the internal network. If authentication is enabled additionel ports are needed. Example: 1812 for Radius or 389 for LDAP. https://docs.citrix.com/en-us/netscaler-gateway/12/double-hop-dmz/ng-double-dmz-install-con/ng-double-dmz-install-open-ports-tsk.html
upvoted 4 times
...
ijhoojhisdojihoij
4 years, 6 months ago
C and D I think two answers are required.
upvoted 1 times
...
CitrixNick
4 years, 7 months ago
Can someone confirm ... the need to open port 389 (LDAP) and/or 636 (LDAPS) LDAP/LDAPS verification can handles the authentication @Active Director The verification step can be delegated to Second NS GateWay, StoreFront or the Delivery Controller. https://support.citrix.com/article/CTX101810
upvoted 1 times
d0bermannn
2 years, 9 months ago
yes, 389/636, but on fw3
upvoted 1 times
...
...
CitrixNick
4 years, 7 months ago
443 = SSL 389 = LDAP 696 = LDAPS (Secure)
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel